Open in app

Sign in

Write

Sign in

The Phenomenon of Flash Loans

Florian Reike
nakamo.to
Published in
4 min readMar 2, 2021

However, the concept of flash loans is not new, and there are secure and beneficial approaches to carry them out.

Therefore, in this article, we will clarify what flash loans are and what they are good for. Also, we will expound upon what the so-called “flash loan attacks” are and how they can be prevented in the future.

First, what are flash loans?

The concept of a flash loan was first proposed by Max Wolff, the creator of the Marble protocol, in 2018. However, the idea came back into focus earlier this year when the Aave project reintroduced it.

A flash loan can be defined as a loan that is taken out and repaid in a single Ethereum transaction (a block).

No collateral is required from the borrower, as there is no default or illiquidity risk for the lender.

The key points of this are as follows:

  • Borrowing and repayment occurs in a single transaction.
  • No collateral is required.
  • The borrower must repay the original amount borrowed, plus a small fee (currently 0.09%).
  • The transaction must be completed successfully, otherwise everything will be reversed, and the borrower will only have to pay the gas fee.

The benefits of no needed collateral and a short-term timeframe lead us directly to the interesting use cases of flash credit, including:

  • Arbitrage between decentralized exchanges
  • Debt refinancing on various lending platforms such as Compound, dYdX, or Nuo

Despite the many legitimate use cases, flash loans provide many opportunities for market participants with fraudulent intentions. Some users have preyed upon these opportunities with capital-intensive attacks funded by flash loans.

What are flash loan attacks?

In these events, attackers manipulate the price-setting elements (oracles) of DeFi platforms with the borrowed money to obtain cryptocurrencies as cheaply as possible.

An example would be the creation of an oversupply of a certain currency by providing liquidity from a flash loan. The prices would subsequently fall and the attacker would buy for the cheap price.

In the end, the attacker pays back the flash loan and prices return to normal, thus increasing the value of his or her purchased assets.

All this happens within just one transaction without anyone being able to change it.

In this or a similar way, many attacks have been committed in the recent past, causing total damages of several million dollars.

Victims were all kinds of DeFi protocols that rely on price oracles — and this is exactly the weak point of these projects.

Clearly, the price oracles of these platforms are not secure against attacks with flash loans.

What are the options to protect against flash loans attacks?

Unfortunately, there is no way for platforms to tell if they are being attacked with flash loans.

It is also not an option to stop offering flash loans, as this is up to each platform to decide. Besides, there are also positive uses for flash loans, so a ban would be tragic for these legitimate utilities.

Another proposed idea for preventing flash loan attacks is the prohibition of transactions exclusively within one block. This means that you can only use transactions that run over multiple blocks.

Unfortunately, this idea would not work either, because the transactions would no longer be synchronous.

This leaves two viable ways to prevent flash credit attacks.

The first is that all flash loan attacks should ultimately be reverse engineered by miners.

This would deprive attackers of the opportunity to monetize their spoils from these vulnerabilities. But, this would also require a consensus among miners, or it will ultimately lead to a split of the community of the particular platform and Ethereum.

The far more feasible second idea, and thus the idea that should be pursued, is a reconstruction of platforms’ oracles and data sources.

Since all attackers manipulate the oracles and their data, which in turn is the basis of the output of these oracles, oracles should be better verified.

The goal with this is to have a reliable oracle network capable of supporting a DeFi ecosystem responsible for billions and eventually trillions of dollars. In doing so, both the quality of the data provided must be secure and reliable, and the oracle network itself must be broad-based and thus stable.

A large project that follows exactly this approach is Chainlink.

They offer such an oracle network for integration by other DeFi projects. This relies on clever algorithms and a variety of verified sources to deliver, for example, prices of cryptocurrencies in a manner that is secure and unmanipulable.

Summary

In this article, we have explained that flash loans are loans that are taken out and repaid within a block. Furthermore, no collateral is required due to the lack of risk to the lender.

The use of flash loans for arbitrage between decentralized exchanges and for debt refinancing on various lending platforms is the most common utility.

However, as we have discussed, these flash loans can also be used for attacks. As this happens, the data sources for oracles of DeFi projects are usually manipulated with the help of huge sums from flash loans to obtain crypto assets on these platforms at a low price.

The only useful measure against this seems to be the redesign of the oracle networks and their data sources as modeled by the Chainlink project.

It remains to be seen whether the number of flash loan attacks will be minimized in the future by an oracle changeover or whether attackers will simply find new ways to attack with flash loans.

Blog

--

--

Florian Reike
nakamo.to

Written by Florian Reike

51 Followers
Editor for

Florian Reike is a German entrepreneur who works with cryptocurrency and is one of the co-founders of nakamo.to.

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams